Skip to content

Commit 059cc4d

Browse files
abdulraqeeb33AR Abdul Azeez
abdulraqeeb33
and
AR Abdul Azeez
authored
ci: publish job (#2359)
* publish job * new line * trigger * quotes * working directory and mask * java check - assemble * release tag * SDK Version and permissions * SDK Version * trigger on branch * pre prerelease tag * Checkout release branch Checkout release branch * Cleanup Cleanup * Cleanup * copy pr body into the release notes * remove BW Dependency and also delete the release branch * testing * Update publish job to trigger when release PR is closed * remove test data * Fix * Manual run * Updated publish release - manual run and pick up last release PR * path fix * path fix * manual and auto run * Manual version * removed manual version entry and resolve --------- Co-authored-by: AR Abdul Azeez <[email protected]>
1 parent 7b2b588 commit 059cc4d

File tree

1 file changed

+143
-0
lines changed

1 file changed

+143
-0
lines changed

.github/workflows/publish-release.yml

Lines changed: 143 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,143 @@
1+
name: Publish Release
2+
3+
on:
4+
push:
5+
branches:
6+
- main
7+
workflow_dispatch:
8+
inputs:
9+
ref:
10+
description: "Branch or commit SHA to run on"
11+
required: false
12+
default: "main"
13+
14+
permissions:
15+
contents: write
16+
pull-requests: read
17+
18+
jobs:
19+
publish:
20+
runs-on: ubuntu-latest
21+
22+
# Auto-run only if this is a rel/* merge commit into main, OR manual dispatch
23+
if: github.event_name == 'workflow_dispatch' ||
24+
(startsWith(github.event.head_commit.message, 'Merge pull request') &&
25+
contains(github.event.head_commit.message, 'rel/'))
26+
27+
env:
28+
MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
29+
MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
30+
SDK_SIGNING_KEY_ID: ${{ secrets.SDK_SIGNING_KEY_ID }}
31+
SDK_SIGNING_PASSWORD: ${{ secrets.SDK_SIGNING_PASSWORD }}
32+
SDK_SIGNING_SECRET_KEY_RING_ENCODED: ${{ secrets.SDK_SIGNING_SECRET_KEY_RING_ENCODED }}
33+
GPG_FILE_NAME: onesignal_sdk_gpg_subkeys
34+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
35+
36+
steps:
37+
- name: Checkout code
38+
uses: actions/checkout@v5
39+
with:
40+
ref: ${{ github.event.inputs.ref || github.sha }}
41+
42+
- name: Ensure Java 11 or 17
43+
run: |
44+
CURRENT_JAVA=$(java -version 2>&1 | head -n 1 | awk -F '"' '{print $2}')
45+
echo "Current Java version: $CURRENT_JAVA"
46+
if [[ "$CURRENT_JAVA" != 11.* && "$CURRENT_JAVA" != 17.* ]]; then
47+
echo "Installing Java 11..."
48+
sudo apt-get update
49+
sudo apt-get install openjdk-11-jdk -y
50+
echo "JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64" >> $GITHUB_ENV
51+
echo "/usr/lib/jvm/java-11-openjdk-amd64/bin" >> $GITHUB_PATH
52+
fi
53+
54+
- name: Decode GPG file from secret
55+
working-directory: OneSignalSDK
56+
run: |
57+
echo "$SDK_SIGNING_SECRET_KEY_RING_ENCODED" | base64 -d > "$GPG_FILE_NAME"
58+
echo "GPG_FILE_PATH=$(pwd)/$GPG_FILE_NAME" >> $GITHUB_ENV
59+
60+
- name: Verify GPG file
61+
working-directory: OneSignalSDK
62+
run: |
63+
ls -lh "$GPG_FILE_PATH"
64+
gpg --list-packets "$GPG_FILE_PATH" || echo "Invalid key file!"
65+
66+
- name: Extract release version from gradle.properties
67+
id: extract_version
68+
run: |
69+
VERSION=$(grep '^SDK_VERSION=' OneSignalSDK/gradle.properties | cut -d '=' -f2)
70+
echo "SDK_VERSION=$VERSION" >> $GITHUB_ENV
71+
echo "Resolved version: $VERSION"
72+
73+
- name: Assemble Release
74+
run: ./gradlew assembleRelease
75+
working-directory: OneSignalSDK
76+
77+
- name: Dry Run - Publish to Maven Local with signing
78+
working-directory: OneSignalSDK
79+
run: |
80+
./gradlew publishToMavenLocal --no-configuration-cache \
81+
-Psigning.keyId="$SDK_SIGNING_KEY_ID" \
82+
-Psigning.password="$SDK_SIGNING_PASSWORD" \
83+
-Psigning.secretKeyRingFile="$GPG_FILE_PATH"
84+
85+
- name: Publish to Maven Central
86+
working-directory: OneSignalSDK
87+
run: |
88+
./gradlew publishAndReleaseToMavenCentral --no-configuration-cache \
89+
-PmavenCentralUsername="$MAVEN_USERNAME" \
90+
-PmavenCentralPassword="$MAVEN_PASSWORD" \
91+
-Psigning.keyId="$SDK_SIGNING_KEY_ID" \
92+
-Psigning.password="$SDK_SIGNING_PASSWORD" \
93+
-Psigning.secretKeyRingFile="$GPG_FILE_PATH"
94+
95+
- name: Get latest merged rel/* PR into main
96+
id: fetch_pr
97+
run: |
98+
PR_JSON=$(gh pr list \
99+
--state merged \
100+
--base main \
101+
--json number,title,body,headRefName,mergedAt \
102+
--jq '[.[] | select(.headRefName | startswith("rel/"))] | sort_by(.mergedAt) | last')
103+
104+
if [[ -z "$PR_JSON" || "$PR_JSON" == "null" ]]; then
105+
echo "❌ No merged release PR found."
106+
exit 1
107+
fi
108+
109+
echo "✅ Found release PR:"
110+
echo "$PR_JSON" | jq -r '.title'
111+
112+
PR_BODY=$(echo "$PR_JSON" | jq -r '.body')
113+
echo "$PR_BODY" > release_notes.md
114+
115+
- name: Tag and create GitHub Release
116+
run: |
117+
VERSION="${{ env.SDK_VERSION }}"
118+
119+
if [[ "$VERSION" == *"alpha"* ]]; then
120+
PRERELEASE="--prerelease"
121+
CHANNEL="alpha"
122+
elif [[ "$VERSION" == *"beta"* ]]; then
123+
PRERELEASE="--prerelease"
124+
CHANNEL="beta"
125+
else
126+
PRERELEASE=""
127+
CHANNEL="current"
128+
fi
129+
130+
echo -e "Channels: $CHANNEL\n\n$(cat release_notes.md)" > release_notes.md
131+
132+
git config user.name "github-actions[bot]"
133+
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
134+
135+
echo "Tagging release $VERSION"
136+
git tag "$VERSION"
137+
git push origin "$VERSION"
138+
139+
echo "Creating GitHub release"
140+
gh release create "$VERSION" \
141+
--title "$VERSION" \
142+
--notes-file release_notes.md \
143+
$PRERELEASE

0 commit comments

Comments
 (0)